Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-23934 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. | |||||
CVE-2021-23935 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. | |||||
CVE-2021-23936 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite through 7.10.4 allows XSS via the subject of a task. | |||||
CVE-2020-36190 | 1 Rails Admin Project | 1 Rails Admin | 2021-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms. | |||||
CVE-2020-27262 | 1 Innokasmedical | 2 Vital Signs Monitor Vc150, Vital Signs Monitor Vc150 Firmware | 2021-01-14 | 3.5 LOW | 5.4 MEDIUM |
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15: a stored cross-site scripting (XSS) vulnerability exists in the affected products that allows an attacker to inject arbitrary web script or HTML via the filename parameter to multiple update endpoints of the administrative web interface. | |||||
CVE-2019-19935 | 1 Froala | 1 Froala Editor | 2021-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Froala Editor before 3.2.3 allows XSS. | |||||
CVE-2020-25476 | 1 Liferay | 1 Liferay Portal | 2021-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Liferay CMS Portal versions 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert a malicious payload in the username, lastname or surname fields of their own profile, and the payload will be injected and reflected in the calendar of the user who submitted the payload. An attacker could escalate privileges if an admin visits the calendar into which the payload was injected. | |||||
CVE-2020-26297 | 1 Rust-lang | 1 Mdbook | 2021-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBook (introduced in version 0.1.4) was affected by a cross-site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code in a user's browser by tricking the user into typing a malicious search query, or tricking the user into clicking a link to the search page with the malicious search query prefilled. mdBook 0.4.5 fixes the vulnerability by properly escaping the search query. Owners of websites built with mdBook have to upgrade to mdBook 0.4.5 or greater and rebuild their website contents with it. | |||||
CVE-2020-4838 | 1 Ibm | 1 Api Connect | 2021-01-13 | 3.5 LOW | 5.4 MEDIUM |
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036. | |||||
CVE-2020-13116 | 1 Carbonite | 1 Server Backup Portal | 2021-01-13 | 3.5 LOW | 5.4 MEDIUM |
OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation. | |||||
CVE-2020-23849 | 1 Jsoneditoronline | 1 Jsoneditor | 2021-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript. | |||||
CVE-2020-23644 | 1 Jizhicms | 1 Jizhicms | 2021-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg=[XSS] to Home/c/ErrorController.php. | |||||
CVE-2020-23643 | 1 Jizhicms | 1 Jizhicms | 2021-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr=[XSS] to Home/c/WechatController.php. | |||||
CVE-2020-4892 | 1 Ibm | 1 Emptoris Contract Management | 2021-01-13 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979. | |||||
CVE-2019-12539 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2021-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189. | |||||
CVE-2014-9269 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2021-01-12 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie. | |||||
CVE-2013-4460 | 1 Mantisbt | 1 Mantisbt | 2021-01-12 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | |||||
CVE-2014-9270 | 1 Mantisbt | 1 Mantisbt | 2021-01-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field. | |||||
CVE-2014-9272 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2021-01-12 | 4.3 MEDIUM | N/A |
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol. | |||||
CVE-2020-8823 | 1 Sockjs Project | 1 Sockjs | 2021-01-12 | 4.3 MEDIUM | 6.1 MEDIUM |
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. |